Mitigating chaos and uncertainty during a global pandemic

by Azeem Aleem

16 April 2020


These are unprecedented times for business; however, crisis management is nothing new for humanity. A quick rewind through history to October 1911 would revive the names of the great explorers Roald Amundsen and Robert Falcon Scott, who competed to be the first to reach the South Pole.


In 1911, the explorers Roald Amundsen and Robert Falcon Scott competed to be the first to reach the South Pole

Two different leaders: two different outcomes

Battling the same temperatures and terrain, the two expeditions achieved different outcomes. Amundsen was victorious, leading his team safely back home. Scott’s flawed leadership resulted in the team's defeat, 34 days after Amundsen’s victory. Scott died soon after, alongside four members of his expedition. How can one leader achieve an incredible triumph in such a harsh terrain, while the other leader failed to survive?


Cyberdiscipline is essential in order to remain resilient during cyberattacks

Preparing, responding and remaining resilient during cyberattacks

It wasn’t a matter of luck. Analysis shows that Roald Amundsen exhibited an uncanny, focused discipline in three domains: preparedness, response, resilience.

With the current COVID-19 pandemic, businesses need to focus on their core cyberdiscipline to remain resilient in the face of cyberattacks. We can see a significant rise in coordinated cyberattacks as the majority of businesses shift their modus operandi to remote work (WFH).


As their employees work from home, businesses are experiencing a significant rise in cyberattacks

Preparedness

With the change in working dynamics, there is a dire need to refresh the responsibility assignment matrix (RACI model) around domains (including people) to develop a layer of accountability and consultation. The mandatory mapping of the complete network is crucial. This will create visibility and allow organizations to critically evaluate the network; most organizations will come across the following blind spots during analysis:

  • remote connectivity valuation
  • patch management appraisal
  • network topology assessment

Response

During the current chaos, we must not allow a preventive mind-set and ‘analysis paralysis’ syndrome to seep in. In the first instance, we should be able to understand the attack telemetry by creating end-to-end visibility through appropriate tools and procedures. In the second, organizations need to accept that they may get breached during this pandemic crisis, and they need to move towards more proactive analysis that enables them to integrate a single normalized platform to detect the behavioural classification of cyber criminals.

Organizations will need to re-define the parameters of their response for the purposes of:

  1. Business and risk alignment: This is about understanding the mission, scope and authority needed to mitigate risk.
  2. Visibility: Define the visibility required to achieve mission readiness.
  3. Content: Build enablement for detection — including use cases, situational awareness, and baseline.
  4. Applied intelligence and analytics: Analyse, attribute and predict the threat to refocus the mission.

Resiliency

All critical processes must be tested, analysed and updated on a regular basis, in order to ensure all personnel involved are fully prepared and capable of quickly, efficiently and safely achieving the required objectives.

Resiliency techniques shouldn’t just focus on the perimeter, which means deploying more and more new technologies. Instead, organizations need to follow an intelligence-driven security framework or phased approach. To achieve the state of so-called ‘Cyber Swing’ (like ‘Swing’ in rowing – that state of near perfection when all rowers are in harmony with no wasted energy) within a business environment, organizations need an incremental resilience strategy to help them reach a stage of security maturity and to pre-empt advanced attacks.

Azeem Aleem


VP, Cybersecurity Consulting, NTT Ltd.